From 4d5480baf0d90e1a33e9b8dde0c9ba7051f989ef Mon Sep 17 00:00:00 2001 From: Fabian Groffen Date: Thu, 19 Sep 2019 20:46:01 +0200 Subject: mail-filter/opendmarc: revbump with fix for CVE-2019-16378 Bug: https://bugs.gentoo.org/694968 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Fabian Groffen --- .../files/opendmarc-1.3.2-multiple-From.patch | 35 +++++++++++ mail-filter/opendmarc/opendmarc-1.3.2-r3.ebuild | 72 ++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch create mode 100644 mail-filter/opendmarc/opendmarc-1.3.2-r3.ebuild (limited to 'mail-filter') diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch b/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch new file mode 100644 index 000000000000..28b2f852f39a --- /dev/null +++ b/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch @@ -0,0 +1,35 @@ +From f6b615e345037408b88b2ffd1acd03239af8a858 Mon Sep 17 00:00:00 2001 +From: Marcin Seremak +Date: Tue, 30 Jul 2019 08:05:28 +0200 +Subject: [PATCH] Fix multiple addresses in From vulnerability + +--- + libopendmarc/tests/test_finddomain.c | 1 + + opendmarc/opendmarc.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libopendmarc/tests/test_finddomain.c b/libopendmarc/tests/test_finddomain.c +index 50cf405..8447463 100644 +--- a/libopendmarc/tests/test_finddomain.c ++++ b/libopendmarc/tests/test_finddomain.c +@@ -23,6 +23,7 @@ main(int argc, char **argv) + /* 11 */ {"(,) joe@joe.com", "joe.com"}, + /* 12 */ {"\"( bob@bob.com)\" joe@joe.com", "joe.com"}, + /* 12 */ {"From: Davide D'Marco ", "blah.com"}, ++ /* 13 */ {"blah.com", "blah.com"}, + {NULL, NULL}, + }; + u_char dbuf[256]; +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index 419c15a..9b7fe3a 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -2193,7 +2193,7 @@ mlfi_eom(SMFICTX *ctx) + strncpy(dfc->mctx_fromdomain, domain, sizeof dfc->mctx_fromdomain - 1); + + ostatus = opendmarc_policy_store_from_domain(cc->cctx_dmarc, +- from->hdr_value); ++ dfc->mctx_fromdomain); + if (ostatus != DMARC_PARSE_OKAY) + { + if (conf->conf_dolog) diff --git a/mail-filter/opendmarc/opendmarc-1.3.2-r3.ebuild b/mail-filter/opendmarc/opendmarc-1.3.2-r3.ebuild new file mode 100644 index 000000000000..2482aed4e1f8 --- /dev/null +++ b/mail-filter/opendmarc/opendmarc-1.3.2-r3.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit user multilib systemd + +DESCRIPTION="Open source DMARC implementation " +HOMEPAGE="http://www.trusteddomain.org/opendmarc/" +SRC_URI="mirror://sourceforge/opendmarc/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="spf +reports static-libs" + +DEPEND="reports? ( dev-perl/DBI ) + || ( mail-filter/libmilter mail-mta/sendmail )" +RDEPEND="${DEPEND} + reports? ( + dev-perl/DBD-mysql + dev-perl/HTTP-Message + dev-perl/Switch + ) + spf? ( mail-filter/libspf2 )" + +PATCHES=( + "${FILESDIR}"/${P}-multiple-From.patch +) + +pkg_setup() { + enewgroup milter + enewuser milter -1 -1 /var/lib/milter milter +} + +src_prepare() { + default + if use !reports ; then + sed -i -e '/^SUBDIRS =/s/reports//' Makefile.in || die + fi +} + +src_configure() { + econf \ + --docdir="${EPREFIX}"/usr/share/doc/${PF} \ + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \ + $(use_with spf) \ + $(use_with spf spf2-include "${EPREFIX}"/usr/include/spf2) \ + $(use_with spf spf2-lib "${EPREFIX}"/usr/$(get_libdir)) \ + $(use_enable static-libs static) +} + +src_install() { + default + + use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.la + + newinitd "${FILESDIR}"/opendmarc.initd opendmarc + newconfd "${FILESDIR}"/opendmarc.confd opendmarc + systemd_dounit "${FILESDIR}/${PN}.service" + + dodir /etc/opendmarc + + # create config file + sed \ + -e 's:^# UserID .*$:UserID milter:' \ + -e "s:^# PidFile .*:PidFile ${EPREFIX}/var/run/opendmarc/opendmarc.pid:" \ + -e '/^# Socket /s:^# ::' \ + "${S}"/opendmarc/opendmarc.conf.sample \ + > "${ED}"/etc/opendmarc/opendmarc.conf \ + || die +} -- cgit v1.2.3-65-gdbad